
Re: Securing bind..

On Mon, 31 Dec 2001 06:52, P Prince wrote:
> > there are two major problems with all of bernstein's software.  the
> > first is that it requires you to throw away your existing
> > configuration...no big deal for a caching only name-server or if you
> > only have one or two domains to serve.  a severe pain in the arse if you
> > have hundreds or thousands of domains.
> This is crazy.  Anytime you change software packages, you must rewrite your
> configuration.

If two programs perform the same task then why can't they use the same config 
file?  Writing a program to support two different formats of config file 
isn't so difficult.

> And, if you or anyone you know manages thousands of
> domains, I'll mail you a crisp, clean 20 dollar bill.  (In order to be
> eligible, you must provide the name of your employer, so that I can avoid
> their service.)

Please mail a $20 bill to Craig and one to me as well.

While working for Versatel Telecom BV in Amsterdam I was running the 
24hoursnet service.  That service had over 4000 domains set up in bind (with 
scripts to create bind zone files from LDAP).

Why would you want to avoid such a service?  It doesn't make sense for every 
small company that wants a web site to have to run their own DNS etc.  It 
makes sense for a telco to run the sites for thousands of small companies, 
telcos can afford to pay people such as Craig and myself to run their servers 
in a reliable and secure fashion instead of having the secretary try to set up 
a set of ISP servers (with all the security and reliability problems you'd 

> > > Broken as many of them are, they still work quite well with djbdns,
> > > thank you.
> >
> > named.conf doesn't work with djbdns - a minor problem.
> This is a stupid argument.  httpd.conf doesn't work well with thttpd, and
> proftpd.conf doesn't work well at all with wu-ftpd.

Consider mail servers.  Currently there is a range of mail servers that can 
deliver to /var/mail/user-name or ~/Maildir/ storage and which honour 
.forward files, Postfix being a good example.  I can change a Postfix 
installation to use Procmail for delivery and it'll deliver mail in the same 
way.  If I choose to switch from Postfix to another server then it's not 
difficult to find another server using .forward files and /etc/aliases etc 
(NB Qmail does not do this).

Then there's about 6 POP servers and about 3 IMAP servers I can choose from 
(actually there's probably more, I'm just thinking of ones I've used or heard 
good reports about) which all use the same data store.

Contrast this to using Cyrus, Netscape iPlanet mail server, Exchange, Notes, 
or another mail server which has its own strange and unique format for 

> > > > an additional part of the price you pay is djb's moronic non-free
> > > > software license
> > >
> > > Really?
> > >
> > > 	<http://cr.yp.to/distributors.html>
> >
> > yes, really.  non-free.
> >
> > if you don't understand WHY it's non-free then read the DFSG again.
> This doesn't deserve a response.

There is no response.  DJB software is not in Debian for a reason...

> > To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> > listmaster@lists.debian.org

PS  When quoting messages please trim out the .sig lines etc.  It just wastes 
bandwidth and doesn't gain anything.

http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page
